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This listing of claims will replace all prior versions, and listings, of claims in the application: 

1. (currently amended) A method for performing network address translation on 
data, the method comprising: 

receiving a. first data having a first source address and a first destination 
address, wherein the first data is sent by a first node in a first domain to a second 
node in a second domain, and wherein the first data is received into a first 
interface associated with the first domain and output from a second interface 
associated with the second domain, and wherein the first domain differs from the 
second domain; 

obtaining routing information for the first data; 

if the first source address is a private address and if a binding between the 
first source address, the first interface, and a first public address is found 
tnaislatingjhe first source address into the first public address specified b v the 
found bi nding prior to sending the first data to the second domain destination: 

if the firs tsource address is a private address and if a binding between the 
first source address, the first interface, and a first public address is not found. 
translating the first source address into a &st selected public address and forming 
and storing a first binding between the first source address, the fest selected public 
address, and the first interface if there in not ouch a binding formed already , 
wherein the translation is performed prior to sending the first data to the second 
domain destination; 

when if a degtinatirm HinHitig between the first destination address, a first 
private addr e ss, and the second interface is found th e first doctinxitioTi addror . ^ h *g 
on associat e d binding , translating the first destination address into a the first 
private address specified by the associated destination binding that is also 
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a ssociated with the first privat e? address, and tho se cond interface, whereia the 
translation of the first destination address is performed prior to sending the first 
data out the second interface to the second node; and 

sending the first data to the second node based on the routing information 

2. (original) A method as recited in claim 1, wh e r e in tho firGt binding iG form ed 
uoing - ono or moro Translation Tables, further comprising: 

receiving a se cond data having a second source address and a second 
destination address, wherein the second data is sent by a third node in a third 
domain to a fourth node in a fo urth domain , and wherein the first data is received 
into a third interface associated w ith th* thi rd domain and output from a fourth 
interface associated with the fourth dom ain, and wherein the third domain differs 
from the first domain but the second source address is the same as the first source 
address: 

obtaining routing information for the second data; 

if the second source address is a private address and if a bindin g between 
the second source address, the third int^ rface^ and a second public address is 
found, translating the second source address into the second public address 
specified bv the found binding prior to sending the second data from the fourth 
domain interface: 

if the second source addre ss is a private address and if a binding between 
the second source a ddress, the third interface, and a second public address is not 
found, translating the second source address into a selected -public address and 
forming and storing a second binding between the second source address, the 
selected public address, and the third int erface, wherein the translation is 
performed prior to s^dinc* the secon d data from the fourth interface; 
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if a second destination binding between the second destination address, a 
second private address, and the fourth interface is foirnd translating the second 
destination address into the second private address specified by the second 
destination bindi ng, wherein the translation of the second destination address is 
performed prior to sending the second data out the fourth interface to the fourth 
node; and 

sending the second data to the fourth node based on the routing 
information, 

3. (original) A method as recited in claim 1, wherein the first public address is 
selected from a pool of available public addresses* 

4. (previously presented) A method as recited in claim 1, wherein when the first data 
has a DNS payload, the method further comprises: 

translating the DNS payload of the first data into a second public address, wherein 
the translation of the first destination address is performed prior to sending the first data to the 
second node; and 

forming a second binding between the DNS payload address, the second public 
address, and the first interface. 

5. (cancelled) 

6. (previously presented) A method as recited in claim 1, wherein the first data is a 
DNS request, the method further comprising: 

receiving a second data after the first data, wherein the second data has a 
second source address, a second destination address, and a DNS payload address, 
wherein the second data is sent by a third node in the second domain to the first 
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node in the first domain, and wherein the second data is a DNS reply received into 
a the second interface and output from the first interface; 

obtaining routing information for the second data; 

translating the DNS payload address into a second public address and 
forming a second binding between the DNS payload address, the second public 
address, and the second interface, wherein the translation is performed prior to 
sending the second data out the first interface to the first node; and 

sending the second data to the first node based on the routing information 
obtained for the second data, 

7. (original) A method as recited in claim 6, wherein die first binding between 
the first source address, the first public address, and the first interface is formed by creating a 
first entry in a first table that includes a first identifier for both the first public address and the 
first destination address, a destination pointer that references information on how to translate a 
destination address of a first subsequently received data from the first public address to the first 
source address, and a source pointer that references a null value. 

8. (original) A method as recited in claim 7 9 wherein the source pointer 
referencing a null value indicates tbat the source address of tbe first subsequently received data 
does not require translation. 

9. (original) A method as recited in claim 8, the method further comprising 
modifying the first binding, wherein the first binding is modified and the second binding is 
formed by: 

creating a second entry in the first table that includes a second identifier for both 
the first source address and the second public address, a destination pointer that references 
information on how to translate a destination address of a second subsequently received data 
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from the second public address into the DNS payload address, and a source pointer that 
references information on how to translate a source address of the same second subsequently 
received data from the first source address into the first public address; and 

creating a third entry in the first table that includes a third identifier for both the 
DNS payload address and the first public address, a destination pointer that references 
information on how to translate a destination address of a third subsequently received data from 
the first public address into the first source address, and a source pointer that references 
information on how to translate a source address of the third subsequently received data from the 
DNS payload address into the second public address. 

* 

10. (original) A method as recited in claim 9> wherein the destination and source 
pointers each reference a pair having a private address of a particular interface and a 
corresponding public address, wherein the pair provide pre-translation and post-translation 
addresses for a particular source or destination address. 

11. (original) A method as recited in claim 1, further comprising tracking which 
interfaces may communicate with which other interfaces, 

12. (original) A method as recited in claim 1 1, wherein tracking is accomplished 
by setting up or dismantling one or more groups that each define which interfaces may 
communicate with each other. 

13. (original) A method as recited in claim 12, the method further comprising 
selecting a pool of public addresses for each group. 

14. (currently amended) A network address translation (NAT) system operable to 
perform network address translation on data, the NAT system comprising: 

one or more processors; 

one or more memory, wherein at least one of the processors and memory 

are adapted to: 
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receive a first data having a first source address and a first destination 
address, wherein the first data is sent by a first node in a first domain to a second 
node in a second domain, and wherein the first data is received into a first 
interface associated with the first domain and output from a second interface 
associated with the second domain, and wherein the first domain differs from the 
second domain; 

obtain routing information for the first data; 

if the first source address is a private address and if a binding between the 
first source address* the first interface, and a first public address is found, translate 
the first source address into the first public address specified by the found binding 
prior to sending the first data to the second domain destination: 

if the first source address is a private address and if a binding between the 
first source address, the first interface, a nd a first public address is not found. 
translate the first source address into a &st selected public address and forming 
and store a first binding between the first source address, the first selected public 
address, and the first interface if there i a not ouch a binding form e d alr eady, 
wherein the translation is performed prior to sending the first data to the second 
domain destination; 

wkee if a destination binding between the first destination address, a first 
private address, and the second interface is found th e first dostinatioD addrcaa has 
an associated binding, translate the first destination address into a the first private 
address specified by the associated destination binding that is als o a s G OGiat e d with 
the first private address and the second interface , wherein the translation of the 
first destination address is performed prior to sending the first data out the second 
interface to the second node; and 
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send the first data to the second node based on the routing information 

15. (previously presented) A NAT system as recited in claim 14, wherein when the 
first data has a DNS payload, one or more memory, wherein at least one of the processors and 
memory are further adapted to: 

translate the DNS payload of the first data into a second public address, wherein 
the translation of the first destination address is performed prior to sending the first data to the 
second node; and 

form a second binding between the DNS payload address, the second public 
address, and the first interface. 

16. (cancelled) 

17. (previously presented) A NAT system as recited in claim 14, wherein the first data 
is a DNS request, wherein at least one of the processors and memory are further adapted to: 

receive a second data after the first data, wherein the second data has a 
second source address, a second destination address, and a DNS payload address, 
wherein the second data is sent by a third node in the second domain to the first 
node in the first domain, and wherein the second data is a DNS reply received into 
a the second interface and output from the first interface; 

obtain routing information for the second data; 

translate the DNS payload address into a second public address and 
forming a second binding between the DNS payload address, the second public 
address, and the second interface, wherein the translation is performed prior to 
sending the second data out the first interface to the first node; and 

send the second data to the first node based on the routing information 
obtained for the second data. 
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18. (original) A NAT system as recited in claim 17/ wherein the first binding 
between the first source address, the first public address, and the first interface i$ formed by 
creating a first entry in a first table that includes a first identifier for both the first public address 
and the first destination address, a destination pointer that references information on how to 
translate a destination address of a first subsequently received data from the first public address 
to the first source address, and a source pointer that references a null value. 

19. (original) A NAT system as recited in claim 18, wherein the source pointer 
referencing a null value indicates that the source address of the first subsequently received data 
does not require translation. 

20. (original) A NAT system as recited in claim 19, wherein at least one of the 
processors and memory are further adapted to modify the first binding, wherein the first binding 
is modified and the second binding is formed by; 

creating a second entry in the first table that includes a second identifier for both 
the first source address and the second public address, a destination pointer that references 
information on how to translate a destination address of a second subsequently received data 
from the second public address into the DNS payload address, and a source pointer that 
references information on how to translate a source address of the same second subsequently 
received data from the first source address into the first public address; and 

creating a third entry in the first table thai includes a third identifier for both the 
DNS payload address and the first public address, a destination pointer that references 
information on how to translate a destination address of a third subsequently received data from 
the first public address into the first source address, and a source pointer that references 
information on how to translate a source address of the third subsequently received data from the 
DNS payload address into the second public address. 

2L (original) A NAT system as recited in claim 20, wherein the destination and 
source pointers each reference a pair having a private address of a particular interface and a 
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corresponding public address, wherein the pair provide pre-translation and post-translation 
addresses for a particular source or destination address. 

22. (original) A NAT system as recited in claim 14, wherein at least one of the 
processors and memory are further adapted to track which interfaces may communicate with 
which other interfaces. 

23. (original) A NAT system as recited in claim 22, wherein tracking is 
accomplished by setting up or dismantling one or more groups that each define which interfaces 
may communicate with each other. 

24. (original) A NAT system as recited in claim 23, wherein at least one of the 
processors and memory are further adapted to select a pool of public addresses for each group. 

25. (currently amended) A computer program product for performing network 
address translation on data, the computer program product comprising: 

at least one computer readable medium; 

computer program instructions stored within the at least one computer readable 
product configured to cause a network address translation system to: 

receive a first data having a first source address and a first destination 

address, wherein the first data is sent by a first node in a first domain to a second 
node in a second domain, and wherein the first data is received into a first 
interface associated with the first domain and output from a second interface 
associated with the second dnmain and wherein the first domain differs from the 
second domain; 

obtain routing information for the first data; 
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if the first source address is a private address and if a binding between the 
first source address, the first interface 1 and a first public address is found, translate 
the first source address int o the first public address specified by the found binding 
prior to sending the first data to the second domain destination: 

if the first source address is a private address and if a binding between the 
first source address, the first interface, and a fi rst public address is not found. 
translate the first source address into a first selected public address and forming 
and store a first binding between the first source address, the firs* selected public 
address, and the first interfac e if thoro ic not such a binding formed already, 
wherein the translation is performed prior to sending the first data to the second 
domain destination; 

wfeea if a destination binding between the first destination address, a first 
private address, and the second int e rface is found th e first doGtmation addsess h** 
an associated bindin g, translate the first destination address into a the first private 
address specified by the associated degtinAtirm binding that is also associatod with 
the first private address, and tho Gocond interface, wherein the translation of the 
first destination address is performed prior to sending the first data out the second 
interface to the second node; and 

send the first data to the second node based on the routing information. 

26. (previously presented) A computer program product as recited in claim 25, 
wherein when the first data has a DNS payload, one or more memory, wherein the computer 
program instructions are further configured to cause the network address translation system to 

translate the DNS payload of the first data into a second public address, wherein 
the translation of the first destination address is performed prior to sending the first data to the 
second node; and 
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form a second binding between the DNS payload address, the second public 
address, and the first interface. 

27. (cancelled) 

28. (original) A computer program product as recited in claim 25, wherein the first data 
is a DNS request, wherein the computer program instruction are further configured to cause the 
network address translation system to 

receive a second data after the first data, wherein the second data has a 
second source address, a second destination address, and a DNS payload address, 
wherein the second data is sent by a third node in the second domain to the first 
node in the first domain, and wherein the second data is a DNS reply received into 
a the second interface and output fiom the first interface; 

obtain routing information for the second data; 

translate the DNS payload address into a second public address and 
forming a second binding between the DNS payload address, the second public 
address, and the second interface, wherein the translation is performed prior to 
sending the second data out the first interface to the first node; and 

send the second data to the first node based on the routing information 
obtained for the second data. 

29. (original) A computer program product as recited in claim 28, wherein the 
first binding between die first source address, the first public address, and the first interface is 
formed by creating a first entry in a first table that includes a first identifier for both the first 
public address and the first destination address, a destination pointer that references information 
on how to translate a destination address of a first subsequently received data from the first 
public address to the first source address, and a source pointer that references a null value. 
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30. (original) A computer program product as recited in claim 29, wherein the 
source pointer referencing a null value indicates that the source address of the first subsequently 
received data does not require translation. 

31. (original) A computer program product as recited in claim 30, wherein the 
computer program instructions are further configured to cause the network address translation 
system to modify the first binding, wherein the first binding is modified and the second binding 
is formed by: 

creating a second entry in the first table that includes a second identifier for both 
the first source address and the second public address, a destination pointer that references 
information on how to translate a destination address of a second subsequently received data 
from the second public address into the DNS payload address, and a source pointer that 
references information on how to translate a source address of the same second subsequently 
received data from the first source address into the first public address; and 

creating a third entry in the first table thai includes a third identifier for both the 
DNS payload address and the first public address, a destination pointer that references 
information on how to translate a destination address of a third subsequently received data from 
the first public address into the first source address, and a source pointer that references 
information on how to translate a source address of the third subsequently received data from the 
DNS payload address into the second public address. 

32. (original) A computer program product as recited in claim 31, wherein the 
destination and source pointers each reference a pair having a private address of a particular 
interface and a corresponding public address, wherein the pair provide pre-translation and post- 
translation addresses for a particular source or destination address. 

33. (original) A computer program product as recited in claim 25, wherein the 
computer program instructions are further configured to cause the network address translation 
system to track which interfaces may communicate with which other interfaces. 
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34. (original) 



A computer program product as recited in claim 33, wherein 



tracking is accomplished by setting up or dismantling one or more groups that each define which 
interfaces may communicate with each other. 



computer program instructions are further configured to cause the network address translation 
system to select a pool of public addresses for each group. 

36. (currently amended) An apparatus for performing network address translation on 
data, the apparatus comprising: 

means for receiving a first data having a first source address and a first 
destination address, wherein the first data is sent by a first node in a first domain, 
to a second oode in a second domain, and wherein the first data is received into a 
first interface associated with the first domain and output from a second interface 
associated with the second domain., and wherein the first domain differs from the 
second domain; 

means for obtaining routing information for the first data; 

means for, if the first s ource address is a private address and if a binding 
between die first source address, the first interface, and a first public address is 
found, translating the fi rst source address into the first public address specified by 
th e found binding prior to sending the first data to the secon d domain destination; 

means for translating the first source address into a first selected public 
address and forming a first binding between the first source address, the first 
selected public address, and the first interfac e if the first so ura adHrec ie a 
private address and if a binding between the first source address, the first 
interface, and a first p u blic address is not foun d if thoro in nr>t « mnh n hin^a 
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fenn e d already, wherein the translation is performed prior to sending the first data 
to the second domain destination; 

means for translating the first destination address into a the first private 
address specified by the associated destination binding if a destination bindin g 
between the first destination address, a first private address, and the second 
interface is found that iG also asrioointod with tho firrrf pavate nMrnrr m fl flic 
socond interfac e when the first d e stination address hag an as s ociat e d binding, 
wherein the translation of the first destination address is performed prior to 
sending the first data out the second interface to the second node; and 

means for sending the first data to the second node based on the routing 
information. 

37. (previously presented) An apparatus as recited in claim 36, wherein the first data is 
a DNS request, the apparatus further comprising: 

means for receiving a second data after the first data, wherein the second 
data has a second source address, a second destination address, and a DNS 
payload address, wherein the second data is sent by a third node in the second 
domain to the first node in the first domain, and wherein the second data is a DNS 
reply received into a the second interface and output from the first interface; 

means for obtaining routing information for the second data; 

means for translating the DNS payload address into a second public 
address and forming a second binding between the DNS payload address, the 
second public address, and the second interface, wherein the translation is 
performed prior to sending the second data out the first interface to the first node; 
and 
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means for sending the second data to the first node based on the routing 
information obtained for the second data. 

38. (New) A NAT system as recited in claim 14, wherein at least one of the 
processors and memory are further adapted to: 

receive a second data having a second source address and a second 
destination address, wherein the second data is sent by a third node in a third 
domain to a fourth node in a fourth domain, and wherein the first data is received 
into a third interface associated with the third domain and output from a fourth 
interface associated with the fourth domain, and wherein the third domain differs 
from the first domain but the second source address is the same as the first source 
address; 

obtain routing information for the second data; 

if the second source address is a private address and if a binding between 
the second source address, the third interface, and a second public address is 
found, translate die second source address into the second public address specified 
by the found binding prior to sending the second data from the fourth domain 
interface) 

if the second source address is a private address and if a binding between 
the second source address, the third interface, and a second public address is not 
found, translate the second source address into a selected public address and form 
and store a second binding between the second source address, the selected public 
address, and the third interface, wherein the translation is performed prior to 
sending the second data from the fourth interface; 

if a second destination binding between the second destination address, a 
second private address, and the fourth interface is found, translate the second 
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destination address into the second private address specified by the second 
destination binding, wherein the translation of the second destination address is 
performed prior to sending the second data out the fourth interface to the fourth 
node; and 

send the second data to the fourth node based on the routing information. 

39. (New) A computer program product as recited in claim 25, the computer program 
instructions stored within the at least one computer readable product further configured to cause 
the network address translation system to: 

receive a second data having a second source address and a second 
destination address, wherein the second data is sent by a third node in a third 
domain to a fourth node in a fourth domain, and wherein the first data is received 
into a third interface associated with the third domain and output from a fourth 
interface associated with the fourth domain, and wherein the third domain differs 
from the first domain but the second source address is the same as the first source 
address; 

obtain routing information for the second data; 

if the second source address is a private address and if a binding between 
the second source address, the third interface, and a second public address is 
found, translate the second source address into the second public address specified 
by the found binding prior to sending the second data from the fourth domain 
interface; 

if the second source address is a private address and if a binding between 
the second source address, the third interface, and a second public address is not 
found, translate the second source address into a selected public address and form 
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and store a second binding between the second source address, the selected public 
address, and the third interface, wherein the translation is performed prior to 
sending the second data from the fourth interface; 

if a second destination binding between the second destination address, a 
second private address, and the fourth interface is found, translate the second 
destination address into the second private address specified by the second 
destination binding, wherein the translation of the second destination address is 
performed prior to sending the second data out the fourth interface to the fourth 
node; and 

send the second data to the fourth node based on the routing information. 
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